DVWA Installation

This week I learned mainly how to install Damn Vulnerable Web Application, usually known as DVWA. Below are the steps that I followed to install DVWA on Kali Linux.

Step 1

First, change directory to /var/www/html using the cd command. From that directory, use wget (web get) to download the DVWA archive from the GitHub link that my teacher provided in the WhatsApp group; it fetches the files from that specific GitHub URL. From that site, I got v1.9.zip, saved in the current directory. Then unzip the zip file (v1.9.zip) to extract it into the directory.

Step 2

After the zip file has been extracted, move the contents of the DVWA-1.9 directory to the web root by typing mv DVWA-1.9/* /var/www/html, then chown the directory to change its owner. Check whether v1.9.zip is in the directory by using the ls -l command; if v1.9.zip is there, the zip file was successfully downloaded into the directory. To start Apache and MySQL, use service apache2 start ; service mysql start. Lastly, type ps awux | egrep "apache|mysql" to check that both processes are running.

Step 3

The picture above is mainly about setting up the database: its name, password and privileges. When the database setup is done, use nano to edit the config.inc.php file.

Step 4

The picture above shows the config.inc.php file. I configured it according to the database that I set up in step 3.

After that, open the DVWA installation page in the browser and create the database. Then type the username and password that I set up before.

Finally, the site shows the DVWA front page, which means that I have successfully installed it. With DVWA, I can learn many attack methods, such as Brute Force, Command Injection and SQL Injection, at various difficulty levels through a simple, straightforward interface.

Ping sweep with Nmap and Fping

From what I learned last week, a ping sweep is a technique to find out which hosts are up in a network by pinging an entire range of IP addresses that I have chosen. In this case, I am looking for the active hosts in the range 125.161.187.1-35.

First I use the Nmap scanning tool to determine which hosts are up in the range that I have chosen.

nmap -sP 125.161.187.1-35

The picture above shows 35 active hosts in the range 125.161.187.1-35. After that, I try fping to test whether the results are the same.

fping -g 125.161.187.1 125.161.187.35

The results from both tools are the same, which means that either tool can be used to determine which hosts are up in the given range.
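As an added example (not part of the original post), the following Python script parses the output of both tools and lists the hosts on which they disagree; the two sample outputs are constructed, not taken from the 125.161.187.1-35 scan. Nmap's ping scan of a remote range also sends TCP probes to ports 80 and 443, while fping sends only ICMP echo requests, so the two lists need not always match.

```python
"""Compare the hosts that `nmap -sP` and `fping -g` report as up.
Added example, not code from the original post; sample outputs are constructed."""
import ipaddress
import re
# Constructed `nmap -sP 125.161.187.1-35` output (abridged); the "[host down]"
# line only appears when nmap runs with -v.
NMAP_OUTPUT = """\
Nmap scan report for 125.161.187.1
Host is up (0.0012s latency).
Nmap scan report for gw.example (125.161.187.2)
Host is up (0.0040s latency).
Nmap scan report for 125.161.187.3
Host is up (0.0031s latency).
Nmap scan report for 125.161.187.5 [host down]
Nmap done: 35 IP addresses (3 hosts up) scanned in 2.10 seconds
"""
# Constructed `fping -g 125.161.187.1 125.161.187.35` output, stdout and stderr
# merged (alive hosts go to stdout, unreachable ones to stderr).
FPING_OUTPUT = """\
125.161.187.1 is alive
125.161.187.2 is alive
125.161.187.3 is unreachable
125.161.187.4 is alive
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Matches "Nmap scan report for 1.2.3.4" and "Nmap scan report for name (1.2.3.4)".
NMAP_HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?" + IPV4 + r"\)?( \[host down\])?$")
FPING_ALIVE_RE = re.compile(r"^" + IPV4 + r" is alive$")


def parse_nmap_sweep(text):
    """Return the set of IPs nmap reported as up; "[host down]" lines are skipped."""
    hosts = set()
    for line in text.splitlines():
        m = NMAP_HOST_RE.match(line.strip())
        if m and not m.group(2):
            hosts.add(m.group(1))
    return hosts


def parse_fping(text):
    """Return the set of IPs fping marked as alive."""
    return {m.group(1) for m in map(FPING_ALIVE_RE.match, text.splitlines()) if m}


def compare_sweeps(nmap_text, fping_text):
    """Return (both, nmap_only, fping_only), each sorted in address order."""
    up_nmap, up_fping = parse_nmap_sweep(nmap_text), parse_fping(fping_text)
    key = ipaddress.ip_address  # sorts numerically rather than as strings
    return (sorted(up_nmap & up_fping, key=key),
            sorted(up_nmap - up_fping, key=key),
            sorted(up_fping - up_nmap, key=key))
```

A host that shows up only in the nmap list usually answered a TCP probe while dropping ICMP, which is worth checking before trusting either tool's count on its own.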

Port scanning using Nmap

Nmap (Network Mapper) is a tool in Kali Linux made especially for port scanning. With this tool, we can see the active hosts, the open ports, the operating system used by a host and other scan results. In this case, I am scanning pentest.id as the target.

First I get the IP address of the target, as shown in the picture below.

host pentest.id

Then I use nmap -O to detect the OS version in use, along with the open ports and their services. In the picture below, the open ports are 53, 80, 443, 8080 and 8443.

nmap -O pentest.id
nmap -O 104.28.30.3

When we include -sV in the Nmap scan, it also shows the version of the service listening on each open port.

nmap -sV 104.28.30.3 -A

Enumerating WP Target by using wpscan, joomscan and theHarvester

Last week we had an exercise to enumerate wp1.pentest.id and jo1.pentest.id. From what I learned, WPScan is used to find vulnerabilities in the WordPress CMS; it can also list the plugins and themes used by the target. Joomscan is likewise used to find vulnerabilities, but specifically in websites that use the Joomla CMS.

wpscan --url wp1.pentest.id

wpscan --url jo1.pentest.id

Using the wpscan command, I can scan for vulnerabilities in pentest.id or any other website based on the WordPress CMS.

theharvester -d pentest.id -b google

Another command that I used is theharvester. With it, we can gather the e-mail addresses, hosts, open ports and banners of a specific domain from different public sources such as search engines.